Enhanced digital right management framework

US 8,572,400 B2
Filed: 03/26/2007
Issued: 10/29/2013
Est. Priority Date: 03/26/2007
Status: Expired due to Fees

First Claim

Patent Images

1. A non-transitory machine-readable medium comprising a plurality of instructions which when executed result in a server platform:

receiving, from a client platform, a request of downloading content;

receiving, from the client platform, first attestation information comprising a measurement result of a hardware component and a software component of the client platform;

examining if the client platform attests to a client platform characteristic that affects integrity of the client platform by comparing the first attestation information with a value provided by the client platform;

encrypting and downloading the content to the client platform, if the client platform attests to the client platform characteristic;

receiving, from the client platform, a request of viewing the content;

receiving, from the client platform, second attestation information comprising another measurement result of the hardware component and the software component of the client platform, wherein the another measurement result comprises a hash value;

examining if the client platform attests to the client platform characteristic that affects integrity of the client platform by comparing the second attestation information with the value; and

sending a content key to the client platform if the client platform attests to the client platform characteristic.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Machine-readable media, methods, apparatus and system for enhanced digital right management framework are described. A server platform may receive a request of downloading content and first attestation information from a client platform. The server platform may examine if the client platform attests to a client platform characteristic that affects integrity of the client platform by using the attestation information, and then encrypt and download the content to the client platform if the client platform attests to the client platform characteristic. The server platform may further receive a request of viewing the content and second attestation information from the client platform. The server platform may then examine if the client platform attests to its integrity by using the second attestation information; and then send a content key to the client platform if the client platform attests to its integrity, so that the client platform can decrypt and view the content.

45 Citations

View as Search Results

11 Claims

1. A non-transitory machine-readable medium comprising a plurality of instructions which when executed result in a server platform:
- receiving, from a client platform, a request of downloading content;
  
  receiving, from the client platform, first attestation information comprising a measurement result of a hardware component and a software component of the client platform;
  
  examining if the client platform attests to a client platform characteristic that affects integrity of the client platform by comparing the first attestation information with a value provided by the client platform;
  
  encrypting and downloading the content to the client platform, if the client platform attests to the client platform characteristic;
  
  receiving, from the client platform, a request of viewing the content;
  
  receiving, from the client platform, second attestation information comprising another measurement result of the hardware component and the software component of the client platform, wherein the another measurement result comprises a hash value;
  
  examining if the client platform attests to the client platform characteristic that affects integrity of the client platform by comparing the second attestation information with the value; and
  
  sending a content key to the client platform if the client platform attests to the client platform characteristic.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The non-transitory machine-readable medium of claim 1, wherein the plurality of instructions further result in the server platform:
    - checking if a predetermined policy allows downloading the content from the server platform to the client platform.
  - 3. The non-transitory machine readable medium of claim 2, wherein the plurality of instructions that result in the server platform encrypting and downloading, further result in the server platform:
    - encrypting and downloading the content to the client platform, if the predetermined policy allows downloading the content from the server platform to the client platform.
  - 4. The non-transitory machine-readable medium of claim 1, wherein the content is encrypted with a content key owned by the server platform.
  - 5. The non-transitory machine readable medium of claim 1, wherein the client platform characteristic reflects whether the client platform is vulnerable to malicious attacks.
  - 6. The non-transitory machine readable medium of claim 1, wherein the first attestation information comprises a hash value as the measurement result of the hardware component and the software component of the client platform.
  - 7. The non-transitory machine-readable medium of claim 1, wherein the plurality of instructions further result in the server platform:
    - checking if a predetermined policy allows the client platform to view the content.
  - 8. The non-transitory machine readable medium of claim 7, wherein the plurality of instructions that result in the server platform sending, further result in the server platform:
    - sending the content key to the client platform, if the predetermined policy allows the client platform to view the content.

9. A non-transitory machine-readable medium comprising a plurality of instructions which when executed result in a client platform:
- sending, to a server platform, a request of downloading content;
  
  sending, to the server platform, first attestation information comprising a measurement result of a hardware component and a software component of the client platform;
  
  receiving, from the server platform, the content that is encrypted with a content key owned by the server platform, if the server platform determines that the client platform attests to a client platform characteristic that affects integrity of the client platform by comparing the first attestation information with a value provided by the client platform;
  
  sending, to the server platform, a request of viewing the content;
  
  sending, to the server platform, second attestation information comprising another measurement result of the hardware component and the software component of the client platform, wherein the another measurement result comprises a hash value; and
  
  receiving, from the server platform, the content key to decrypt the content, if the server platform determines that the client platform attests to the client platform characteristic that affects the integrity of the client platform by comparing the second attestation information with the value.
- View Dependent Claims (10, 11)
- - 10. The non-transitory machine-readable medium of claim 9, wherein the plurality of instructions further result in the client platform:
    - measuring the hardware component and the software component of the client platform on whether the component is vulnerable to a malicious attack, to provide the value;
      
      signing the value with a key owned by the client platform, to provide the client platform characteristic; and
      
      sending the value to the server platform.
  - 11. The non-transitory machine-readable medium of claim 9, wherein:
    - the first attestation information comprises a hash value as the measurement result of the hardware component and the software component of the client platform.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Lin, Yunbiao, Yang, Jie, Song, Chuan
Primary Examiner(s)
Arani, Taghi
Assistant Examiner(s)
LANE, GREGORY A

Application Number

US12/532,143
Publication Number

US 20110035577A1
Time in Patent Office

2,409 Days
Field of Search

713/155, 713/189, 705/51
US Class Current

713/189
CPC Class Codes

G06F 21/1077   Recurrent authorisation

G06F 21/51   at application loading time...

G06F 21/53   by executing in a restricte...

G06F 21/57   Certifying or maintaining t...

G06F 21/575   Secure boot

G06F 2221/2153   Using hardware token as a s...

H04L 2463/101   applying security measures ...

H04L 63/0428   wherein the data content is...

H04L 63/10   for controlling access to d...

Enhanced digital right management framework

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

45 Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

Enhanced digital right management framework

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

45 Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links